MoboTap, which makes the Dolphin Browser for iOS and Android, has acknowledged that the newest version of the Android app transmits the address of every Web site a user visits back to the company's servers.
"The privacy and security implications arise when a user connects to a secure Web site (usually shown by 'https://' and a closed lock icon)," writes CNET News' Declan McCullagh. "The second, surreptitious connection to MoboTap is unencrypted, allowing an eavesdropper on a Wi-Fi network to learn what's happening."
"'In some cases, if you knew the URL you can take over the user's session,' says Seth Schoen, staff technologist at the Electronic Frontier Foundation, which has advocated the adoption of encrypted Web browsing to thwart eavesdroppers," McCullagh writes.
Go to "Dolphin HD browser snared in security breach" to read the details.